It is a sad fact that in the security industry most of the people most of the time concentrate on point solutions and fail to consider the general impact those solutions will have and how easy is to circumvent them (how future proof are they). While the "I have this problem NOW" mentality is probably built into our genes (and accentuated by marketing), it takes only a little effort to research ones options more thoroughly and it can have a big (positive) impact in the future (much like counting to ten before saying anything one might regret).

Example: suffering a malware outbreak, company X calls up Anti-Virus vendor Y and asks desperately: "Do you detect malware Z, which is spreading in our network? We already have another product, but it doesn't detect it!". And so the decision is made to replace the old product with the new product, without considering the fact that for each Anti-Virus product there are tens of thousands of malware which they miss, and it just so happens that in this case the first product detected while the second product missed the particular malware, but it could easily have happened the other way around.

Taking a step back the company could have identified key issues which lead to the malware infection in the first place, and which - if corrected - could reduce the probability of the incident happening much more drastically than swapping out one AV product for an other:
- the ability of users to run arbitrary programs (which could be prevented by using a whitelisting solution)
- autorun being enabled (which could be disabled trough Group Policy, and in addiction solutions for disabling the USB ports could be used)
- the ability for users to write to the file-server (which could be prevented by clarifying the requirements for the given file-server and locking it down according to the policy)

Second example: at BlackHat USA 2009 a researcher suggested that because he was able to implant a bootkit (a rootkit running from the boot sector) while running under Windows with Truecrypt installed, Truecrypt is broken. He also suggested a simple patch (for Truecrypt to deny write access to the MBR) and was upset when his patch was rejected (you can find part of the discussion on his blog - http://peterkleissner.com/?p=11 - where all the arguments were already detailed, but he remains unconvinced).

Again, let us take a step back and check our assumptions:
- we are talking about code under Windows which is able to write to arbitrary locations on the harddisk. This already supposes that it has enough privileges to execute code in kernel mode. Any measures taken by Truecrypt could be easily circumvented by patching the Truecrypt driver on-the-fly
- second of all, if the code already runs in the live Windows session, it has full access to the decrypted data. It doesn't need the Truecrypt password at all! It can simply register itself to be started when Windows starts up and upload all the sensitive data bit-by-bit
- finally, even using BitLocker in a TPM-enabled environment (which is the other suggestion by him), there is still the threat of hardware keyloggers (which could be embedded directly in the keyboard - see the ''Reversing and Exploiting an Apple® Firmware Update" talk from BlackHat USA 2009)

Seeing the big-picture takes a considerable amount of knowledge and understanding about the internals of how computers and software operate. One can't expect any help from the sales persons either because, even if we abstract away from the fact that he is trying to sell you the product, most probably he doesn't know. Just try to find out from a whitelisting vendor if she is doing the enforcement of the rules in user mode or in kernel mode. Knowing walls from speedbumps can be very hard because both have the effect of stopping the attack if they are of low enough speed. Curmudgeons can help, but as can be seen from the second example, they aren't correct always either.

What is the conclusion? Do your own research. Distrust grandiose claims, whoever makes them. And eliminating the root of the problem is in most of the cases simpler, cheaper and effective in combating a larger set of issues, than just buying a "solution".